Attackers may leverage these issues to steal cookie-based authentication credentials, execute arbitrary script code in the browser, perform unauthorized actions, gain unauthorized access, obtain sensitive information, compromise the application, access or modify data and to execute arbitrary commands in the context of the vulnerable application; other attacks are also possible.